Vulnerability Management (SME)

Job Title: Vulnerability Management SME

Pay Type: SALARIED EXEMPT

Location: Hybrid, Washington, DC (Must Work East Coast Hours)

Citizenship: U.S. Citizenship (Required)

Summary of Position Role/Responsibilities

The Vulnerability Management Subject Matter Expert (SME) is responsible for establishing, standardizing, and maturing enterprise-wide vulnerability management processes across Quzara’s federal and commercial environments. This role defines frameworks, workflows, and governance for effective vulnerability identification, prioritization, remediation, and reporting. Additionally, the SME collaborates with SOC, Systems Security Engineering, Cloud, and Network teams to ensure consistent execution of these practices in alignment with federal standards and continuous monitoring requirements. The position is essential for enabling audit readiness, improving risk visibility, and ensuring accountability in remediation efforts.

Essential Functions of the Job

Design and implement an enterprise vulnerability management program aligned with federal frameworks and compliance requirements.
Define and standardize scanning, assessment, and reporting processes across infrastructure, applications, and cloud environments.
Establish risk-based prioritization models and criteria for vulnerability remediation and risk acceptance.
Define and enforce remediation workflows, including ownership models, escalation paths, and tracking mechanisms.
Coordinate with SOC, Systems Security Engineers (SSE), Cloud Engineers, and Network Security Engineers to ensure alignment and execution of vulnerability management activities.
Develop and maintain standard operating procedures (SOPs), process documentation, and governance artifacts.
Create and manage metrics, dashboards, and reporting frameworks to provide visibility into vulnerability posture and remediation performance.
Support audit activities and continuous monitoring requirements, including preparation of evidence and reporting aligned with compliance standards.
Drive continuous improvement of vulnerability management processes through analysis of trends, gaps, and operational feedback.

Marginal Functions of the Job

Other duties as assigned

Normal Work Schedule:

This full-time role runs Monday to Friday, 8:30 AM–5:30 PM and requires flexibility to work remotely or on-site (if applicable per client RTO policies). On occasion additional hours may be necessary.

Education, Training, and Experience

Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field.
7–10+ years of experience in vulnerability management, security engineering, or cybersecurity operations, with demonstrated leadership or SME-level responsibilities.
Strong knowledge of vulnerability management lifecycle processes, including scanning, assessment, prioritization, and remediation.
Experience designing and implementing enterprise-level security programs or processes.
Familiarity with federal cybersecurity frameworks such as NIST SP 800-53, FISMA, and FedRAMP.
Experience working across multiple domains, including infrastructure, cloud, application, and network security.
Ability to define governance models, reporting structures, and operational standards.
Strong analytical, communication, and collaboration skills across technical and non-technical teams.
Must be a U.S. Citizen and eligible to support federal contracting environments.

Preferred Certifications

CISSP (Certified Information Systems Security Professional)
CEH (Certified Ethical Hacker) or CompTIA PenTest+
Additional vulnerability management or security certifications

EEO Statement

The Company is an Equal Employment Opportunity (EEO) employer and does not discriminate based on race, color, religion, sex, sexual orientation, national origin, age, marital status, disability, veteran's status, or any other basis protected by applicable discrimination laws.

Similar jobs